diff options
| author | Ivan Gabaldon <igabaldon@inetol.net> | 2025-09-23 21:57:29 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-09-23 21:57:29 +0200 |
| commit | 3bf702447b0c23510cf095737b7ad3e7a9f09279 (patch) | |
| tree | b59abb57af4f45f1c6c2719e7fdee8e4b4e7c81e | |
| parent | d2e2802514fdd153e2c5791c3ddc3901d08a7be7 (diff) | |
[enh] container: custom certificates (#5238)
Let container instance administrators to add custom certificates:
https://docs.searxng.org/admin/installation-docker.html#custom-certificates
Closes https://github.com/searxng/searxng/issues/5206
| -rw-r--r-- | container/base-builder.yml | 1 | ||||
| -rw-r--r-- | container/base.yml | 2 | ||||
| -rwxr-xr-x | container/entrypoint.sh | 2 | ||||
| -rw-r--r-- | docs/admin/installation-docker.rst | 11 |
4 files changed, 16 insertions, 0 deletions
diff --git a/container/base-builder.yml b/container/base-builder.yml index 0b16e4be7..84f7e95aa 100644 --- a/container/base-builder.yml +++ b/container/base-builder.yml @@ -16,6 +16,7 @@ work-dir: /usr/local/searxng/ environment: PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + SSL_CERT_DIR: /etc/ssl/certs SSL_CERT_FILE: /etc/ssl/certs/ca-certificates.crt HISTFILE: /dev/null diff --git a/container/base.yml b/container/base.yml index aa1c7e9f9..f78abab85 100644 --- a/container/base.yml +++ b/container/base.yml @@ -3,6 +3,7 @@ contents: - https://dl-cdn.alpinelinux.org/alpine/edge/main packages: - alpine-baselayout + - ca-certificates - ca-certificates-bundle - musl-locales - musl-locales-lang @@ -27,6 +28,7 @@ accounts: environment: PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + SSL_CERT_DIR: /etc/ssl/certs SSL_CERT_FILE: /etc/ssl/certs/ca-certificates.crt HISTFILE: /dev/null CONFIG_PATH: /etc/searxng diff --git a/container/entrypoint.sh b/container/entrypoint.sh index 2e45bca21..10844f115 100755 --- a/container/entrypoint.sh +++ b/container/entrypoint.sh @@ -127,4 +127,6 @@ volume_handler "$DATA_PATH" # Check for files config_handler "$SEARXNG_SETTINGS_PATH" "/usr/local/searxng/searx/settings.yml" +update-ca-certificates + exec /usr/local/searxng/.venv/bin/granian searx.webapp:app diff --git a/docs/admin/installation-docker.rst b/docs/admin/installation-docker.rst index c947b8b57..20fa95262 100644 --- a/docs/admin/installation-docker.rst +++ b/docs/admin/installation-docker.rst @@ -165,6 +165,17 @@ Container internal paths (don't modify unless you know what you're doing): - ``$SEARXNG_SETTINGS_PATH``: Path to the SearXNG settings file (default: ``$CONFIG_PATH/settings.yml``) - ``$DATA_PATH``: Path to the SearXNG data directory (default: ``/var/cache/searxng``) +.. _Container custom certificates: + +Custom certificates +=================== + +You can mount ``/usr/local/share/ca-certificates/`` folder to add/remove +additional certificates as needed. + +They will be available on container (re)start or when running +``update-ca-certificates`` in the container shell. + .. _Container custom images: Custom images |